/*
* Copyright (C) 2022-2025 Colin Ian King
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef CORE_CAPABILITIES_H
#define CORE_CAPABILITIES_H

/*
 * Portable aliases for capability numbers. Each SHIM_CAP_<name> expands
 * to the system's CAP_<name> when that macro is already visible to the
 * preprocessor at the point this header is included, and to
 * SHIM_CAP_IS_ROOT otherwise.
 *
 * This header includes nothing itself, so it has to be included after
 * the header that provides the CAP_* macros; included earlier, every
 * alias silently resolves to SHIM_CAP_IS_ROOT.
 *
 * These are build-time tests only: an alias that resolves to CAP_<name>
 * shows that the build headers know the capability, not that the running
 * kernel implements it or that the process holds it.
 */

/*
 * Sentinel for "no such capability on this build". It is negative, while
 * real capability numbers are non-negative, so it cannot collide with a
 * CAP_* value; it must be tested for before a value is used as a
 * capability index or bit position.
 * NOTE(review): the name suggests callers fall back to a root (euid 0)
 * check for this value - confirm against the code that consumes these
 * aliases.
 */
#define SHIM_CAP_IS_ROOT          (-1)

/* Capabilities defined by the POSIX draft */
#ifdef CAP_CHOWN
#define SHIM_CAP_CHOWN            CAP_CHOWN
#else
#define SHIM_CAP_CHOWN            SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_DAC_OVERRIDE
#define SHIM_CAP_DAC_OVERRIDE     CAP_DAC_OVERRIDE
#else
#define SHIM_CAP_DAC_OVERRIDE     SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_DAC_READ_SEARCH
#define SHIM_CAP_DAC_READ_SEARCH  CAP_DAC_READ_SEARCH
#else
#define SHIM_CAP_DAC_READ_SEARCH  SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_FOWNER
#define SHIM_CAP_FOWNER           CAP_FOWNER
#else
#define SHIM_CAP_FOWNER           SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_FSETID
#define SHIM_CAP_FSETID           CAP_FSETID
#else
#define SHIM_CAP_FSETID           SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_KILL
#define SHIM_CAP_KILL             CAP_KILL
#else
#define SHIM_CAP_KILL             SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SETGID
#define SHIM_CAP_SETGID           CAP_SETGID
#else
#define SHIM_CAP_SETGID           SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SETUID
#define SHIM_CAP_SETUID           CAP_SETUID
#else
#define SHIM_CAP_SETUID           SHIM_CAP_IS_ROOT
#endif

/* Capabilities specific to Linux */
#ifdef CAP_SETPCAP
#define SHIM_CAP_SETPCAP          CAP_SETPCAP
#else
#define SHIM_CAP_SETPCAP          SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_LINUX_IMMUTABLE
#define SHIM_CAP_LINUX_IMMUTABLE  CAP_LINUX_IMMUTABLE
#else
#define SHIM_CAP_LINUX_IMMUTABLE  SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_NET_BIND_SERVICE
#define SHIM_CAP_NET_BIND_SERVICE CAP_NET_BIND_SERVICE
#else
#define SHIM_CAP_NET_BIND_SERVICE SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_NET_BROADCAST
#define SHIM_CAP_NET_BROADCAST    CAP_NET_BROADCAST
#else
#define SHIM_CAP_NET_BROADCAST    SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_NET_ADMIN
#define SHIM_CAP_NET_ADMIN        CAP_NET_ADMIN
#else
#define SHIM_CAP_NET_ADMIN        SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_NET_RAW
#define SHIM_CAP_NET_RAW          CAP_NET_RAW
#else
#define SHIM_CAP_NET_RAW          SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_IPC_LOCK
#define SHIM_CAP_IPC_LOCK         CAP_IPC_LOCK
#else
#define SHIM_CAP_IPC_LOCK         SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_IPC_OWNER
#define SHIM_CAP_IPC_OWNER        CAP_IPC_OWNER
#else
#define SHIM_CAP_IPC_OWNER        SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_MODULE
#define SHIM_CAP_SYS_MODULE       CAP_SYS_MODULE
#else
#define SHIM_CAP_SYS_MODULE       SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_RAWIO
#define SHIM_CAP_SYS_RAWIO        CAP_SYS_RAWIO
#else
#define SHIM_CAP_SYS_RAWIO        SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_CHROOT
#define SHIM_CAP_SYS_CHROOT       CAP_SYS_CHROOT
#else
#define SHIM_CAP_SYS_CHROOT       SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_PTRACE
#define SHIM_CAP_SYS_PTRACE       CAP_SYS_PTRACE
#else
#define SHIM_CAP_SYS_PTRACE       SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_PACCT
#define SHIM_CAP_SYS_PACCT        CAP_SYS_PACCT
#else
#define SHIM_CAP_SYS_PACCT        SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_ADMIN
#define SHIM_CAP_SYS_ADMIN        CAP_SYS_ADMIN
#else
#define SHIM_CAP_SYS_ADMIN        SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_BOOT
#define SHIM_CAP_SYS_BOOT         CAP_SYS_BOOT
#else
#define SHIM_CAP_SYS_BOOT         SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_NICE
#define SHIM_CAP_SYS_NICE         CAP_SYS_NICE
#else
#define SHIM_CAP_SYS_NICE         SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_RESOURCE
#define SHIM_CAP_SYS_RESOURCE     CAP_SYS_RESOURCE
#else
#define SHIM_CAP_SYS_RESOURCE     SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_TIME
#define SHIM_CAP_SYS_TIME         CAP_SYS_TIME
#else
#define SHIM_CAP_SYS_TIME         SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYS_TTY_CONFIG
#define SHIM_CAP_SYS_TTY_CONFIG   CAP_SYS_TTY_CONFIG
#else
#define SHIM_CAP_SYS_TTY_CONFIG   SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_MKNOD
#define SHIM_CAP_MKNOD            CAP_MKNOD
#else
#define SHIM_CAP_MKNOD            SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_LEASE
#define SHIM_CAP_LEASE            CAP_LEASE
#else
#define SHIM_CAP_LEASE            SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_AUDIT_WRITE
#define SHIM_CAP_AUDIT_WRITE      CAP_AUDIT_WRITE
#else
#define SHIM_CAP_AUDIT_WRITE      SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_AUDIT_CONTROL
#define SHIM_CAP_AUDIT_CONTROL    CAP_AUDIT_CONTROL
#else
#define SHIM_CAP_AUDIT_CONTROL    SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SETFCAP
#define SHIM_CAP_SETFCAP          CAP_SETFCAP
#else
#define SHIM_CAP_SETFCAP          SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_MAC_OVERRIDE
#define SHIM_CAP_MAC_OVERRIDE     CAP_MAC_OVERRIDE
#else
#define SHIM_CAP_MAC_OVERRIDE     SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_MAC_ADMIN
#define SHIM_CAP_MAC_ADMIN        CAP_MAC_ADMIN
#else
#define SHIM_CAP_MAC_ADMIN        SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_SYSLOG
#define SHIM_CAP_SYSLOG           CAP_SYSLOG
#else
#define SHIM_CAP_SYSLOG           SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_WAKE_ALARM
#define SHIM_CAP_WAKE_ALARM       CAP_WAKE_ALARM
#else
#define SHIM_CAP_WAKE_ALARM       SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_BLOCK_SUSPEND
#define SHIM_CAP_BLOCK_SUSPEND    CAP_BLOCK_SUSPEND
#else
#define SHIM_CAP_BLOCK_SUSPEND    SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_AUDIT_READ
#define SHIM_CAP_AUDIT_READ       CAP_AUDIT_READ
#else
#define SHIM_CAP_AUDIT_READ       SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_PERFMON
#define SHIM_CAP_PERFMON          CAP_PERFMON
#else
#define SHIM_CAP_PERFMON          SHIM_CAP_IS_ROOT
#endif

#ifdef CAP_BPF
#define SHIM_CAP_BPF              CAP_BPF
#else
#define SHIM_CAP_BPF              SHIM_CAP_IS_ROOT
#endif

#endif /* CORE_CAPABILITIES_H */